<!DOCTYPE html>
<html lang="en">

<head>
  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
  <meta http-equiv="Content-Language" content="en-us">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>Snyk test report</title>
  <meta name="description" content="23 known vulnerabilities found in 78 vulnerable dependency paths.">
  <base target="_blank">
  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
    sizes="194x194">
  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
  <style type="text/css">
  
    body {
      -moz-font-feature-settings: "pnum";
      -webkit-font-feature-settings: "pnum";
      font-variant-numeric: proportional-nums;
      display: flex;
      flex-direction: column;
      font-feature-settings: "pnum";
      font-size: 100%;
      line-height: 1.5;
      min-height: 100vh;
      -webkit-text-size-adjust: 100%;
      margin: 0;
      padding: 0;
      background-color: #F5F5F5;
      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
    }
  
    h1,
    h2,
    h3,
    h4,
    h5,
    h6 {
      font-weight: 500;
    }
  
    a,
    a:link,
    a:visited {
      border-bottom: 1px solid #4b45a9;
      text-decoration: none;
      color: #4b45a9;
    }
  
    a:hover,
    a:focus,
    a:active {
      border-bottom: 1px solid #4b45a9;
    }
  
    hr {
      border: none;
      margin: 1em 0;
      border-top: 1px solid #c5c5c5;
    }
  
    ul {
      padding: 0 1em;
      margin: 1em 0;
    }
  
    code {
      background-color: #EEE;
      color: #333;
      padding: 0.25em 0.5em;
      border-radius: 0.25em;
    }
  
    pre {
      background-color: #333;
      font-family: monospace;
      padding: 0.5em 1em 0.75em;
      border-radius: 0.25em;
      font-size: 14px;
    }
  
    pre code {
      padding: 0;
      background-color: transparent;
      color: #fff;
    }
  
    a code {
      border-radius: .125rem .125rem 0 0;
      padding-bottom: 0;
      color: #4b45a9;
    }
  
    a[href^="http://"]:after,
    a[href^="https://"]:after {
      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
      background-repeat: no-repeat;
      background-size: .75rem;
      content: "";
      display: inline-block;
      height: .75rem;
      margin-left: .25rem;
      width: .75rem;
    }
  
  
  /* Layout */
  
    [class*=layout-container] {
      margin: 0 auto;
      max-width: 71.25em;
      padding: 1.9em 1.3em;
      position: relative;
    }
    .layout-container--short {
      padding-top: 0;
      padding-bottom: 0;
      max-width: 48.75em;
    }
  
    .layout-container--short:after {
      display: block;
      content: "";
      clear: both;
    }
  
  /* Header */
  
    .header {
      padding-bottom: 1px;
    }
  
    .paths {
      margin-left: 8px;
    }
    .header-wrap {
      display: flex;
      flex-direction: row;
      justify-content: space-between;
      padding-top: 2em;
    }
    .project__header {
      background-color: #030328;
      color: #fff;
      margin-bottom: -1px;
      padding-top: 1em;
      padding-bottom: 0.25em;
      border-bottom: 2px solid #BBB;
    }
  
    .project__header__title {
      overflow-wrap: break-word;
      word-wrap: break-word;
      word-break: break-all;
      margin-bottom: .1em;
      margin-top: 0;
    }
  
    .timestamp {
      float: right;
      clear: none;
      margin-bottom: 0;
    }
  
    .meta-counts {
      clear: both;
      display: block;
      flex-wrap: wrap;
      justify-content: space-between;
      margin: 0 0 1.5em;
      color: #fff;
      clear: both;
      font-size: 1.1em;
    }
  
    .meta-count {
      display: block;
      flex-basis: 100%;
      margin: 0 1em 1em 0;
      float: left;
      padding-right: 1em;
      border-right: 2px solid #fff;
    }
  
    .meta-count:last-child {
      border-right: 0;
      padding-right: 0;
      margin-right: 0;
    }
  
  /* Card */
  
    .card {
      background-color: #fff;
      border: 1px solid #c5c5c5;
      border-radius: .25rem;
      margin: 0 0 2em 0;
      position: relative;
      min-height: 40px;
      padding: 1.5em;
    }
  
    .card__labels {
      position: absolute;
      top: 1.1em;
      left: 0;
      display: flex;
      align-items: center;
      gap: 8px;
    }
  
    .card .label {
      background-color: #767676;
      border: 2px solid #767676;
      color: white;
      padding: 0.25rem 0.75rem;
      font-size: 0.875rem;
      text-transform: uppercase;
      display: inline-block;
      margin: 0;
      border-radius: 0.25rem;
    }
  
    .card .label__text {
      vertical-align: text-top;
        font-weight: bold;
    }
  
    .card .label--critical {
      background-color: #AB1A1A;
      border-color: #AB1A1A;
    }
  
    .card .label--high {
      background-color: #CE5019;
      border-color: #CE5019;
    }
  
    .card .label--medium {
      background-color: #D68000;
      border-color: #D68000;
    }
  
    .card .label--low {
      background-color: #88879E;
      border-color: #88879E;
    }
  
    .severity--low {
      border-color: #88879E;
    }
  
    .severity--medium {
      border-color: #D68000;
    }
  
    .severity--high {
      border-color: #CE5019;
    }
  
    .severity--critical {
      border-color: #AB1A1A;
    }
  
    .card--vuln {
      padding-top: 4em;
    }
  
    .card--vuln .card__labels > .label:first-child {
      padding-left: 1.9em;
      padding-right: 1.9em;
      border-radius: 0 0.25rem 0.25rem 0;
    }
  
    .card--vuln .card__section h2 {
      font-size: 22px;
      margin-bottom: 0.5em;
    }
  
    .card--vuln .card__section p {
      margin: 0 0 0.5em 0;
    }
  
    .card--vuln .card__meta {
      padding: 0 0 0 1em;
      margin: 0;
      font-size: 1.1em;
    }
  
    .card .card__meta__paths {
      font-size: 0.9em;
    }
  
    .card--vuln .card__title {
      font-size: 28px;
      margin-top: 0;
      margin-right: 100px; /* Ensure space for the risk score */
    }
  
    .card--vuln .card__cta p {
      margin: 0;
      text-align: right;
    }
  
    .risk-score-display {
      position: absolute;
      top: 1.5em;
      right: 1.5em;
      text-align: right;
      z-index: 10;
    }
  
    .risk-score-display__label {
      font-size: 0.7em;
      font-weight: bold;
      color: #586069;
      text-transform: uppercase;
      line-height: 1;
      margin-bottom: 3px;
    }
  
    .risk-score-display__value {
      font-size: 1.9em;
      font-weight: 600;
      color: #24292e;
      line-height: 1;
    }
  
    .source-panel {
      clear: both;
      display: flex;
      justify-content: flex-start;
      flex-direction: column;
      align-items: flex-start;
      padding: 0.5em 0;
      width: fit-content;
    }
  
  
  
  </style>
  <style type="text/css">
    .metatable {
      text-size-adjust: 100%;
      -webkit-font-smoothing: antialiased;
      -webkit-box-direction: normal;
      color: inherit;
      font-feature-settings: "pnum";
      box-sizing: border-box;
      background: transparent;
      border: 0;
      font: inherit;
      font-size: 100%;
      margin: 0;
      outline: none;
      padding: 0;
      text-align: left;
      text-decoration: none;
      vertical-align: baseline;
      z-index: auto;
      margin-top: 12px;
      border-collapse: collapse;
      border-spacing: 0;
      font-variant-numeric: tabular-nums;
      max-width: 51.75em;
    }
  
    tbody {
      text-size-adjust: 100%;
      -webkit-font-smoothing: antialiased;
      -webkit-box-direction: normal;
      color: inherit;
      font-feature-settings: "pnum";
      border-collapse: collapse;
      border-spacing: 0;
      box-sizing: border-box;
      background: transparent;
      border: 0;
      font: inherit;
      font-size: 100%;
      margin: 0;
      outline: none;
      padding: 0;
      text-align: left;
      text-decoration: none;
      vertical-align: baseline;
      z-index: auto;
      display: flex;
      flex-wrap: wrap;
    }
  
    .meta-row {
      text-size-adjust: 100%;
      -webkit-font-smoothing: antialiased;
      -webkit-box-direction: normal;
      color: inherit;
      font-feature-settings: "pnum";
      border-collapse: collapse;
      border-spacing: 0;
      box-sizing: border-box;
      background: transparent;
      border: 0;
      font: inherit;
      font-size: 100%;
      outline: none;
      text-align: left;
      text-decoration: none;
      vertical-align: baseline;
      z-index: auto;
      display: flex;
      align-items: start;
      border-top: 1px solid #d3d3d9;
      padding: 8px 0 0 0;
      border-bottom: none;
      margin: 8px;
      width: 47.75%;
    }
  
    .meta-row-label {
      text-size-adjust: 100%;
      -webkit-font-smoothing: antialiased;
      -webkit-box-direction: normal;
      font-feature-settings: "pnum";
      border-collapse: collapse;
      border-spacing: 0;
      color: #4c4a73;
      box-sizing: border-box;
      background: transparent;
      border: 0;
      font: inherit;
      margin: 0;
      outline: none;
      text-decoration: none;
      z-index: auto;
      align-self: start;
      flex: 1;
      font-size: 1rem;
      line-height: 1.5rem;
      padding: 0;
      text-align: left;
      vertical-align: top;
      text-transform: none;
      letter-spacing: 0;
    }
  
    .meta-row-value {
      text-size-adjust: 100%;
      -webkit-font-smoothing: antialiased;
      -webkit-box-direction: normal;
      color: inherit;
      font-feature-settings: "pnum";
      border-collapse: collapse;
      border-spacing: 0;
      word-break: break-word;
      box-sizing: border-box;
      background: transparent;
      border: 0;
      font: inherit;
      font-size: 100%;
      margin: 0;
      outline: none;
      padding: 0;
      text-align: right;
      text-decoration: none;
      vertical-align: baseline;
      z-index: auto;
    }
  </style>
</head>

<body class="section-projects">
  <main class="layout-stacked">
        <div class="layout-stacked__header header">
          <header class="project__header">
            <div class="layout-container">
              <a class="brand" href="https://snyk.io" title="Snyk">
                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
                  <title>Snyk - Open Source Security</title>
                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
                    <g fill="#fff">
                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
                    </g>
                  </g>
                </svg>
              </a>
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
                <p class="timestamp">September 28th 2025, 12:25:46 am (UTC+00:00)</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
                <ul>
                  <li class="paths">quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd/Dockerfile (deb)</li>
                  <li class="paths">quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
                  <li class="paths">quay.io/argoproj/argocd:v3.2.0-rc1//usr/local/bin/kustomize (gomodules)</li>
                  <li class="paths">quay.io/argoproj/argocd:v3.2.0-rc1/helm/v3//usr/local/bin/helm (gomodules)</li>
                  <li class="paths">quay.io/argoproj/argocd:v3.2.0-rc1/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
                </ul>
              </div>
    
              <div class="meta-counts">
                <div class="meta-count"><span>23</span> <span>known vulnerabilities</span></div>
                <div class="meta-count"><span>78 vulnerable dependency paths</span></div>
                <div class="meta-count"><span>2322</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
          </header><!-- .project__header -->
        </div><!-- .layout-stacked__header -->

    <div class="layout-container" style="padding-top: 35px;">
      <div class="cards--vuln filter--patch filter--ignore">
        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
            <h2 class="card__title">Improper Handling of Unexpected Data Type</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--high">
                        <span class="label__text">high severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                    </li>
                    <li class="card__meta__item">
                        Package Manager: golang
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            golang.org/x/crypto/ssh/agent
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                github.com/argoproj/argo-cd/v3@* and golang.org/x/crypto/ssh/agent@v0.42.0
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        github.com/argoproj/argo-cd/v3@*
                                         <span class="list-paths__item__arrow">›</span> 
                                        golang.org/x/crypto/ssh/agent@v0.42.0
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="overview">Overview</h2>
        <p>Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type when functions including <code>List()</code> and <code>SignWithFlags()</code> process <code>*successAgentMsg</code>. This can be triggered by a malicious agent sending a single <code>0x06</code> byte (<code>SSH_AGENT_SUCCESS</code>), which is unmarshalled into a <code>*successAgentMsg</code>, causing a panic and client crash.</p>
        <h2 id="details">Details</h2>
        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
        <p>Two common types of DoS vulnerabilities:</p>
        <ul>
        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="https://security.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
        </li>
        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
        </li>
        </ul>
        <h2 id="remediation">Remediation</h2>
        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="https://github.com/golang/crypto/commit/559e062ce8bfd6a39925294620b50906ca2a6f95">GitHub Commit</a></li>
        <li><a href="https://github.com/golang/go/issues/75178">GitHub Issue</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSHAGENT-12668891">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Directory Traversal</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            tar
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and tar@1.35+dfsg-3.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        tar@1.35+dfsg-3.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        dpkg@1.22.18ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        tar@1.35+dfsg-3.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each &#34;tar xf&#34; in its Security Rules of Thumb; however, third-party advice leads users to run &#34;tar xf&#34; more than once into the same directory.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>tar</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
        <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
        <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
        <li><a href="https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html">https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html</a></li>
        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Integrity.html">https://www.gnu.org/software/tar/manual/html_node/Integrity.html</a></li>
        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html">https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-TAR-10769054">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Out-of-bounds Write</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            pcre2/libpcre2-8-0
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and pcre2/libpcre2-8-0@10.45-1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pcre2/libpcre2-8-0@10.45-1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.48.1-0ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pcre2/libpcre2-8-0@10.45-1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        grep@3.11-4build1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pcre2/libpcre2-8-0@10.45-1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        base-passwd@3.6.6
                                         <span class="list-paths__item__arrow">›</span> 
                                        libselinux/libselinux1@3.7-3ubuntu3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pcre2/libpcre2-8-0@10.45-1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pcre2</code> package and not the <code>pcre2</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:25.04</code> <code>pcre2</code> to version 10.45-1ubuntu0.1 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-58050">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-58050</a></li>
        <li><a href="https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254">https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254</a></li>
        <li><a href="https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46">https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46</a></li>
        <li><a href="https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2">https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PCRE2-12225997">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Directory Traversal</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            pam/libpam0g
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and pam/libpam0g@1.5.3-7ubuntu4.3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a &#34;complete&#34; fix for CVE-2025-6020.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>pam</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8941">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8941</a></li>
        <li><a href="https://access.redhat.com/security/cve/CVE-2025-8941">https://access.redhat.com/security/cve/CVE-2025-8941</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2388220">https://bugzilla.redhat.com/show_bug.cgi?id=2388220</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:14557">https://access.redhat.com/errata/RHSA-2025:14557</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15100">https://access.redhat.com/errata/RHSA-2025:15100</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15104">https://access.redhat.com/errata/RHSA-2025:15104</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15107">https://access.redhat.com/errata/RHSA-2025:15107</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15099">https://access.redhat.com/errata/RHSA-2025:15099</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15101">https://access.redhat.com/errata/RHSA-2025:15101</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15102">https://access.redhat.com/errata/RHSA-2025:15102</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15103">https://access.redhat.com/errata/RHSA-2025:15103</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15105">https://access.redhat.com/errata/RHSA-2025:15105</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15106">https://access.redhat.com/errata/RHSA-2025:15106</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15709">https://access.redhat.com/errata/RHSA-2025:15709</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15828">https://access.redhat.com/errata/RHSA-2025:15828</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:15827">https://access.redhat.com/errata/RHSA-2025:15827</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:16524">https://access.redhat.com/errata/RHSA-2025:16524</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PAM-11936906">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Improper Authentication</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            pam/libpam0g
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and pam/libpam0g@1.5.3-7ubuntu4.3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux@2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:25.04</code> <code>pam</code> to version 1.5.3-7ubuntu4.4 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PAM-9795583">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">CVE-2025-8058</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            glibc/libc-bin
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and glibc/libc-bin@2.41-6ubuntu1.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc-bin@2.41-6ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc6@2.41-6ubuntu1.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>The regcomp function in the GNU C library version from 2.4 to 2.41 is 
        subject to a double free if some previous allocation fails. It can be 
        accomplished either by a malloc failure or by using an interposed malloc
         that injects random malloc failures. The double free can allow buffer 
        manipulation depending of how the regex is constructed. This issue 
        affects all architectures and ABIs supported by the GNU C library.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:25.04</code> <code>glibc</code> to version 2.41-6ubuntu1.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8058">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8058</a></li>
        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33185">https://sourceware.org/bugzilla/show_bug.cgi?id=33185</a></li>
        <li><a href="https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f">https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GLIBC-11031047">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">MPL-2.0 license</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                    </li>
                    <li class="card__meta__item">
                        Package Manager: golang
                    </li>
                    <li class="card__meta__item">
                            Module:
        
                            github.com/r3labs/diff/v3
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                github.com/argoproj/argo-cd/v3@* and github.com/r3labs/diff/v3@v3.0.2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        github.com/argoproj/argo-cd/v3@*
                                         <span class="list-paths__item__arrow">›</span> 
                                        github.com/r3labs/diff/v3@v3.0.2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <p>MPL-2.0 license</p>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:v3:MPL-2.0">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">MPL-2.0 license</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                    </li>
                    <li class="card__meta__item">
                        Package Manager: golang
                    </li>
                    <li class="card__meta__item">
                            Module:
        
                            github.com/hashicorp/go-version
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-version@v1.7.0
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        github.com/argoproj/argo-cd/v3@*
                                         <span class="list-paths__item__arrow">›</span> 
                                        github.com/hashicorp/go-version@v1.7.0
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <p>MPL-2.0 license</p>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">MPL-2.0 license</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                    </li>
                    <li class="card__meta__item">
                        Package Manager: golang
                    </li>
                    <li class="card__meta__item">
                            Module:
        
                            github.com/hashicorp/go-retryablehttp
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.8
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        github.com/argoproj/argo-cd/v3@*
                                         <span class="list-paths__item__arrow">›</span> 
                                        github.com/hashicorp/go-retryablehttp@v0.7.8
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <p>MPL-2.0 license</p>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">MPL-2.0 license</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                    </li>
                    <li class="card__meta__item">
                        Package Manager: golang
                    </li>
                    <li class="card__meta__item">
                            Module:
        
                            github.com/hashicorp/go-multierror
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        helm.sh/helm/v3@*
                                         <span class="list-paths__item__arrow">›</span> 
                                        github.com/hashicorp/go-multierror@v1.1.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <p>MPL-2.0 license</p>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">MPL-2.0 license</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                    </li>
                    <li class="card__meta__item">
                        Package Manager: golang
                    </li>
                    <li class="card__meta__item">
                            Module:
        
                            github.com/hashicorp/go-cleanhttp
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        github.com/argoproj/argo-cd/v3@*
                                         <span class="list-paths__item__arrow">›</span> 
                                        github.com/hashicorp/go-cleanhttp@v0.5.2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <p>MPL-2.0 license</p>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">MPL-2.0 license</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                    </li>
                    <li class="card__meta__item">
                        Package Manager: golang
                    </li>
                    <li class="card__meta__item">
                            Module:
        
                            github.com/gosimple/slug
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                github.com/argoproj/argo-cd/v3@* and github.com/gosimple/slug@v1.15.0
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        github.com/argoproj/argo-cd/v3@*
                                         <span class="list-paths__item__arrow">›</span> 
                                        github.com/gosimple/slug@v1.15.0
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <p>MPL-2.0 license</p>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
            <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--medium">
                        <span class="label__text">medium severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            git/git-man
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd@v3.2.0-rc1, git@1:2.48.1-0ubuntu1.1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.48.1-0ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git/git-man@1:2.48.1-0ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.48.1-0ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git-lfs@3.6.1-1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.48.1-0ubuntu1.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called &#34;sideband channel&#34;. These messages will be prefixed with &#34;remote:&#34; and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>git</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005</a></li>
        <li><a href="https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329">https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329</a></li>
        <li><a href="https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net">https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GIT-9792199">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">CVE-2024-56433</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--low">
                        <span class="label__text">low severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            shadow/login.defs
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and shadow/login.defs@1:4.16.0-7ubuntu1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/login.defs@1:4.16.0-7ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/login.defs@1:4.16.0-7ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/login.defs@1:4.16.0-7ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        openssh/openssh-client@1:9.9p1-3ubuntu3.2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        adduser@3.137ubuntu2
                                         <span class="list-paths__item__arrow">›</span> 
                                        shadow/passwd@1:4.16.0-7ubuntu1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>shadow</code> package and not the <code>shadow</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>shadow</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433</a></li>
        <li><a href="https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241">https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241</a></li>
        <li><a href="https://github.com/shadow-maint/shadow/issues/1157">https://github.com/shadow-maint/shadow/issues/1157</a></li>
        <li><a href="https://github.com/shadow-maint/shadow/releases/tag/4.4">https://github.com/shadow-maint/shadow/releases/tag/4.4</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-SHADOW-9791968">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Double Free</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--low">
                        <span class="label__text">low severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            patch
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and patch@2.7.6-7build3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        patch@2.7.6-7build3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>patch</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952</a></li>
        <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6952">https://security-tracker.debian.org/tracker/CVE-2018-6952</a></li>
        <li><a href="https://security.gentoo.org/glsa/201904-17">https://security.gentoo.org/glsa/201904-17</a></li>
        <li><a href="https://savannah.gnu.org/bugs/index.php?53133">https://savannah.gnu.org/bugs/index.php?53133</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2019:2033">https://access.redhat.com/errata/RHSA-2019:2033</a></li>
        <li><a href="http://www.securityfocus.com/bid/103047">http://www.securityfocus.com/bid/103047</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PATCH-9814413">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--low">
                        <span class="label__text">low severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            patch
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and patch@2.7.6-7build3
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        patch@2.7.6-7build3
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>patch</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261</a></li>
        <li><a href="https://savannah.gnu.org/bugs/?61685">https://savannah.gnu.org/bugs/?61685</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PATCH-9821808">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Information Exposure</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--low">
                        <span class="label__text">low severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            libgcrypt20
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and libgcrypt20@1.11.0-6ubuntu1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libgcrypt20@1.11.0-6ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libgcrypt20@1.11.0-6ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.4.4-2ubuntu23.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libgcrypt20@1.11.0-6ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-agent@2.4.4-2ubuntu23.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libgcrypt20@1.11.0-6ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgv@2.4.4-2ubuntu23.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libgcrypt20@1.11.0-6ubuntu1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.4.4-2ubuntu23.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgconf@2.4.4-2ubuntu23.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        libgcrypt20@1.11.0-6ubuntu1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libgcrypt20</code> package and not the <code>libgcrypt20</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>A timing-based side-channel flaw was found in libgcrypt&#39;s RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>libgcrypt20</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2024:9404">https://access.redhat.com/errata/RHSA-2024:9404</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2268268">https://bugzilla.redhat.com/show_bug.cgi?id=2268268</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:3534">https://access.redhat.com/errata/RHSA-2025:3534</a></li>
        <li><a href="https://access.redhat.com/errata/RHSA-2025:3530">https://access.redhat.com/errata/RHSA-2025:3530</a></li>
        <li><a href="https://access.redhat.com/security/cve/CVE-2024-2236">https://access.redhat.com/security/cve/CVE-2024-2236</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2245218">https://bugzilla.redhat.com/show_bug.cgi?id=2245218</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-LIBGCRYPT20-9794004">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Out-of-bounds Write</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--low">
                        <span class="label__text">low severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            gnupg2/gpgv
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and gnupg2/gpgv@2.4.4-2ubuntu23.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgv@2.4.4-2ubuntu23.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        apt@3.0.0
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgv@2.4.4-2ubuntu23.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgconf@2.4.4-2ubuntu23.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-agent@2.4.4-2ubuntu23.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgconf@2.4.4-2ubuntu23.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.4.4-2ubuntu23.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpgconf@2.4.4-2ubuntu23.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg@2.4.4-2ubuntu23.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        gnupg2/gpg-agent@2.4.4-2ubuntu23.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnupg2</code> package and not the <code>gnupg2</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>gnupg2</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219</a></li>
        <li><a href="https://access.redhat.com/security/cve/CVE-2022-3219">https://access.redhat.com/security/cve/CVE-2022-3219</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2127010">https://bugzilla.redhat.com/show_bug.cgi?id=2127010</a></li>
        <li><a href="https://dev.gnupg.org/D556">https://dev.gnupg.org/D556</a></li>
        <li><a href="https://dev.gnupg.org/T5993">https://dev.gnupg.org/T5993</a></li>
        <li><a href="https://marc.info/?l=oss-security&m=165696590211434&w=4">https://marc.info/?l=oss-security&amp;m=165696590211434&amp;w=4</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20230324-0001/">https://security.netapp.com/advisory/ntap-20230324-0001/</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GNUPG2-9801283">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--low">
                        <span class="label__text">low severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            glibc/libc-bin
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and glibc/libc-bin@2.41-6ubuntu1.1
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc-bin@2.41-6ubuntu1.1
                                        
                                </span>
        
                            </li>
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        glibc/libc6@2.41-6ubuntu1.1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm&#39;s runtime is proportional to the square of the length of the password.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>glibc</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013</a></li>
        <li><a href="https://akkadia.org/drepper/SHA-crypt.txt">https://akkadia.org/drepper/SHA-crypt.txt</a></li>
        <li><a href="https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/">https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/</a></li>
        <li><a href="https://twitter.com/solardiz/status/795601240151457793">https://twitter.com/solardiz/status/795601240151457793</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GLIBC-9828016">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">CVE-2025-6297</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--low">
                        <span class="label__text">low severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            dpkg
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and dpkg@1.22.18ubuntu2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        dpkg@1.22.18ubuntu2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>dpkg</code> package and not the <code>dpkg</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is
        documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on
        adversarial .deb packages or with well compressible files, placed
        inside a directory with permissions not allowing removal by a non-root
        user, this can end up in a DoS scenario due to causing disk quota
        exhaustion or disk full conditions.</p>
        <h2 id="remediation">Remediation</h2>
        <p>Upgrade <code>Ubuntu:25.04</code> <code>dpkg</code> to version 1.22.18ubuntu2.2 or higher.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6297">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6297</a></li>
        <li><a href="https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82">https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-DPKG-10597582">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">CVE-2025-9086</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--low">
                        <span class="label__text">low severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3t64-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd@v3.2.0-rc1, git@1:2.48.1-0ubuntu1.1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.48.1-0ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>curl</code> package and not the <code>curl</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <ol>
        <li>A cookie is set using the <code>secure</code> keyword for <code>https://target</code></li>
        <li>curl is redirected to or otherwise made to speak with <code>http://target</code> (same
        hostname, but using clear text HTTP) using the same cookie set</li>
        <li>The same cookie name is set - but with just a slash as path (<code>path=&amp;#39;/&amp;#39;</code>).
        Since this site is not secure, the cookie <em>should</em> just be ignored.</li>
        <li>A bug in the path comparison logic makes curl read outside a heap buffer
        boundary</li>
        </ol>
        <p>The bug either causes a crash or it potentially makes the comparison come to
        the wrong conclusion and lets the clear-text site override the contents of the
        secure cookie, contrary to expectations and depending on the memory contents
        immediately following the single-byte allocation that holds the path.</p>
        <p>The presumed and correct behavior would be to plainly ignore the second set of
        the cookie since it was already set as secure on a secure host so overriding
        it on an insecure host should not be okay.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>curl</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-9086">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-9086</a></li>
        <li><a href="https://curl.se/docs/CVE-2025-9086.html">https://curl.se/docs/CVE-2025-9086.html</a></li>
        <li><a href="https://curl.se/docs/CVE-2025-9086.json">https://curl.se/docs/CVE-2025-9086.json</a></li>
        <li><a href="https://hackerone.com/reports/3294999">https://hackerone.com/reports/3294999</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-CURL-12613445">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">CVE-2025-10148</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--low">
                        <span class="label__text">low severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            curl/libcurl3t64-gnutls
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
                                    docker-image|quay.io/argoproj/argocd@v3.2.0-rc1, git@1:2.48.1-0ubuntu1.1 and others
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        git@1:2.48.1-0ubuntu1.1
                                         <span class="list-paths__item__arrow">›</span> 
                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>curl</code> package and not the <code>curl</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>curl&#39;s websocket code did not update the 32 bit mask pattern for each new
         outgoing frame as the specification says. Instead it used a fixed mask that
        persisted and was used throughout the entire connection.</p>
        <p>A predictable mask pattern allows for a malicious server to induce traffic
        between the two communicating parties that could be interpreted by an involved
        proxy (configured or transparent) as genuine, real, HTTP traffic with content
        and thereby poison its cache. That cached poisoned content could then be
        served to all users of that proxy.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>curl</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-10148">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-10148</a></li>
        <li><a href="https://curl.se/docs/CVE-2025-10148.html">https://curl.se/docs/CVE-2025-10148.html</a></li>
        <li><a href="https://curl.se/docs/CVE-2025-10148.json">https://curl.se/docs/CVE-2025-10148.json</a></li>
        <li><a href="https://hackerone.com/reports/3330839">https://hackerone.com/reports/3330839</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-CURL-12613508">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">Improper Input Validation</h2>
            <div class="card__section">
        
                <div class="card__labels">
                    <div class="label label--low">
                        <span class="label__text">low severity</span>
                    </div>
                </div>
        
                <hr/>
        
                <ul class="card__meta">
                    <li class="card__meta__item">
                        Manifest file: quay.io/argoproj/argocd:v3.2.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                    </li>
                    <li class="card__meta__item">
                        Package Manager: ubuntu:25.04
                    </li>
                    <li class="card__meta__item">
                            Vulnerable module:
        
                            coreutils
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
                                docker-image|quay.io/argoproj/argocd@v3.2.0-rc1 and coreutils@9.5-1ubuntu1.25.04.2
        
                    </li>
                </ul>
        
                <hr/>
        
        
                        <h3 class="card__section__title">Detailed paths</h3>
        
                    <ul class="card__meta__paths">
                                <li>
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@v3.2.0-rc1
                                         <span class="list-paths__item__arrow">›</span> 
                                        coreutils@9.5-1ubuntu1.25.04.2
                                        
                                </span>
        
                            </li>
                    </ul><!-- .list-paths -->
        
            </div><!-- .card__section -->
        
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>coreutils</code> package and not the <code>coreutils</code> package as distributed by <code>Ubuntu</code>.</em>
        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
        <p>chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal&#39;s input buffer.</p>
        <h2 id="remediation">Remediation</h2>
        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>coreutils</code>.</p>
        <h2 id="references">References</h2>
        <ul>
        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781</a></li>
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2781">https://security-tracker.debian.org/tracker/CVE-2016-2781</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">http://www.openwall.com/lists/oss-security/2016/02/28/2</a></li>
        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">http://www.openwall.com/lists/oss-security/2016/02/28/3</a></li>
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-COREUTILS-9827293">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
      </div><!-- cards -->
    </div>
  </main><!-- .layout-stacked__content -->
</body>

</html>
